Create a Group Policy, or amend an existing one, to allow RDP for all profiles, i.e. Domain, Private and Public.

Allow Windows Firewall>Allowed apps and features for Domain and Private

Be sure to allow the IP address ranges for the Azure region of your subscription. Any IP address-based firewall rules should allow communication between the on-prem infrastructure and the Azure Datacenter IP ranges on ports 443 (HTTPS) and 9443 (data replication). You have to allow these IP ranges in your on-prem firewall, for example Cisco ASA, and in a cloud firewall such as Azure NSG.

Log on to the VM which will be protected by Azure Site Recovery and open Command Prompt as an administrator.

Type DiskPart, then type SAN.

It will show SAN Policy : Online All.

· If not, then type SAN POLICY=ONLINEALL
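
The Windows-side prerequisites above (RDP allowed per firewall profile, SAN policy, ports 443 and 9443) can be checked on the VM in one pass before you enable replication. The script below is an added example, not part of the original guide. It assumes Windows Server 2012 or later and an English-language rule group name, and asr-config.contoso.example is a placeholder for your configuration server.

```powershell
# Added example: readiness check for a Windows VM before enabling replication.
param(
    # Hypothetical host name; replace with your configuration server.
    [string]$ConfigServer = 'asr-config.contoso.example',
    # Ports named in this guide: 443 (HTTPS) and 9443 (data replication).
    [int[]]$Ports = @(443, 9443)
)

$results = [System.Collections.Generic.List[object]]::new()
function Add-Result([string]$Check, [bool]$Pass, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail })
}

# 1. Inbound RDP allow rules, per firewall profile. ActiveStore is queried so
#    that rules delivered by Group Policy are included, not only local rules.
#    The 'Remote Desktop' group name assumes an English-language Windows.
$rdpRules = @(Get-NetFirewallRule -PolicyStore ActiveStore -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })
foreach ($name in 'Domain', 'Private', 'Public') {
    $hits = @($rdpRules | Where-Object { "$($_.Profile)" -match "Any|$name" })
    Add-Result "RDP allowed on $name profile" ($hits.Count -gt 0) "$($hits.Count) enabled rule(s)"
}

# 2. SAN policy, the same setting DiskPart reports as "SAN Policy : Online All".
$policy = (Get-StorageSetting).NewDiskPolicy
Add-Result 'SAN policy is OnlineAll' ("$policy" -eq 'OnlineAll') "NewDiskPolicy=$policy"

# 3. TCP reachability of the configuration server on the replication ports.
foreach ($port in $Ports) {
    $t = Test-NetConnection -ComputerName $ConfigServer -Port $port -WarningAction SilentlyContinue
    Add-Result "TCP $port to $ConfigServer" ([bool]$t.TcpTestSucceeded) "RemoteAddress=$($t.RemoteAddress)"
}

$results | Format-Table -AutoSize
# Non-zero exit code when any check failed, so the script can gate a runbook.
if ($results.Pass -contains $false) { exit 1 }
```

The per-profile rows show exactly where RDP is reachable, including the Public profile, so the result can be compared against what the Group Policy was meant to allow.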

2. On the on-premises machine before failover, check that the Secure Shell service is set to start automatically on system boot. Check that firewall rules allow an SSH connection.

3. On the Azure VM after failover, check Boot diagnostics to view a screenshot of the VM if you can’t connect.

Download the vault registration key. You need this when you run Unified Setup. The key is valid for five days after you generate it.

Step8: Run and Configure Site Recovery Unified

Run the Unified Setup installation file.

In Before You Begin, select Install the configuration server and process server then click Next.

In Third Party Software License, click I Accept to download and install MySQL, then click Next.

In Registration, select the registration key you downloaded from the vault.

In Internet Settings, specify how the Provider running on the configuration server connects to Azure Site Recovery over the Internet. If you have an internet proxy server, provide the proxy details here.

In Prerequisites Check, Setup runs a check to make sure that installation can run. If a warning appears about the Global time sync check, verify that the time on the system clock (Date and Time settings) is the same as the time zone.

In MySQL Configuration, create credentials for logging on to the MySQL server instance that is installed.

In Install Location, select where you want to install the binaries and store the cache. The drive you select must have at least 5 GB of disk space available, but we recommend a cache drive with at least 600 GB of free space.

In Network Selection, specify the listener (network adapter and SSL port) on which the configuration server sends and receives replication data. Port 9443 is the default port used for sending and receiving replication traffic, but you can modify this port number to suit your environment’s requirements. We also open port 443, which is used to orchestrate replication operations. Do not use port 443 for sending or receiving replication traffic.

In Summary, review the information and click Install. Setup installs the configuration server and registers it with the Azure Site Recovery service.

When installation finishes, a passphrase is generated. You will need this when you enable replication, so copy it and keep it in a secure location. The server is displayed on the Settings > Servers pane in the vault.

On your configuration server, launch exe. It is available as a shortcut on the desktop and located in the install location\home\svsystems\bin folder.

Click Manage Accounts > Add Account.

In Account Details, add the account that will be used for automatic discovery.

Step9: Add vCenter Server to Azure Site Recovery Vault

Open the Azure portal and click on All resources.

Click on the Recovery Service vault named ContosoVMVault.

Click Site Recovery > Prepare Infrastructure > Source

Select +vCenter to connect to a vCenter server or vSphere ESXi host.

In Add vCenter, specify a friendly name for the server. Then, specify the IP address or FQDN.

Leave the port set to 443, unless your VMware servers listen for requests on a different port.

Select the account SVC-AzureSR to use for connecting to the server. Click OK.

In RPO threshold, use the default of 60 minutes. This value defines how often recovery points are created. An alert is generated if continuous replication exceeds this limit.

In Recovery point retention, use the default of 24 hours for how long the retention window is for each recovery point. For this tutorial we select 72 hours. Replicated VMs can be recovered to any point in a window.

In App-consistent snapshot frequency, use the default of 60 minutes for the frequency that application-consistent snapshots are created. Click OK to create the policy.

The policy is automatically associated with the configuration server. By default, a matching policy is automatically created for failback.

Step12: Enable replication as follows:

Click Replicate application > Source.

In Source, select the configuration server.

In Machine type, select Virtual Machines.

In vCenter/vSphere Hypervisor, select the vCenter server that manages the vSphere host, or select the host.

Select the process server (configuration server). Then click OK.

In Target, select the subscription and the resource group in which you want to create the failed over VMs. Choose the deployment model that you want to use in Azure (classic or resource management), for the failed over VMs.

Select the Azure storage account you want to use for replicating data.

Select the Azure network and subnet to which Azure VMs will connect, when they’re created after failover.

Select Configure now for selected machines, to apply the network setting to all machines you select for protection. Select Configure later to select the Azure network per machine.

In Virtual Machines > Select virtual machines, click and select each machine you want to replicate. You can only select machines for which replication can be enabled. Then click OK.

In Properties > Configure properties, select the account that will be used by the process server to automatically install the Mobility service on the machine.

Click Enable Replication. You can track progress of the Enable Protection job in Settings > Jobs > Site Recovery Jobs.

Step13: Verify VM Properties

In Protected Items, click Replicated Items > VM.

In the Replicated item pane, there’s a summary of VM information, health status, and the latest available recovery points. Click Properties to view more details.

In Compute and Network, you can modify the Azure name, resource group, target size, availability set, and managed disk settings

You can view and modify network settings, including the network/subnet in which the Azure VM will be located after failover, and the IP address that will be assigned to it.

In Disks, you can see information about the operating system and data disks on the VM.

Step14: Disaster Recovery Drill or Testing a DR

In Settings > Replicated Items, click the VM > +Test Failover.

Select a recovery point to use for the failover:

Latest processed: Fails the VM over to the latest recovery point that was processed by Site Recovery. The time stamp is shown. With this option, no time is spent processing data, so it provides a low RTO (recovery time objective).

Latest app-consistent: This option fails over all VMs to the latest app-consistent recovery point. The time stamp is shown.

Custom: Select any recovery point.

In Test Failover, select the target Azure network to which Azure VMs will be connected after failover occurs.

Click OK to begin the failover. You can track progress by clicking on the VM to open its properties. Or you can click the Test Failover job in vault name > Settings > Jobs > Site Recovery jobs.

After the failover finishes, the replica Azure VM appears in the Azure portal > Virtual Machines. Check that the VM is the appropriate size, that it’s connected to the right network, and that it’s running.

You should now be able to connect to the replicated VM in Azure.

To delete Azure VMs created during the test failover, click Cleanup test failover on the recovery plan.

Step15: Understanding and Preparing for failover and failback

Objective 1: Run a failover to Azure

In Settings > Replicated items click the VM > Failover.

In Failover select a Recovery Point to fail over to. You can use one of the following options:

Latest (default): This option first processes all the data sent to Site Recovery. It provides the lowest RPO (Recovery Point Objective) because the Azure VM created after failover has all the data that was replicated to Site Recovery when the failover was triggered.

Latest processed: This option fails over the VM to the latest recovery point processed by Site Recovery. This option provides a low RTO (Recovery Time Objective), because no time is spent processing unprocessed data.

Latest app-consistent: This option fails over the VM to the latest app-consistent recovery point processed by Site Recovery.

Custom: Specify a recovery point.

Select Shut down machine before beginning failover to attempt to do a shutdown of source virtual machines before triggering the failover. Failover continues even if shutdown fails. You can follow the failover progress on the Jobs

If you prepared to connect to the Azure VM, connect to validate it after the failover.

After you verify, Commit the failover. This deletes all the available recovery points.

Don’t cancel the task. Sit back, relax, take a coffee break. If you cancel a failover in progress, failover stops, but the VM won’t replicate again.

Objective2: Re-protect Azure VMs

Note: This procedure presumes that the on-premises VM isn’t available and you’re re-protecting to an alternate location.

In Settings > Replicated items, right-click the VM that was failed over and Re-Protect.

In Re-protect, verify that Azure to On-premises is selected.

Specify the on-premises master target server, and the process server.

In Datastore, select the master target datastore to which you want to recover the disks on-premises. Use this option when the on-premises VM has been deleted, and you need to create new disks. This setting is ignored if the disks already exist, but you do need to specify a value.

In Confirm Failover, verify that the failover direction is from Azure.

Select the recovery point that you want to use for the failover. An app-consistent recovery point occurs before the most recent point in time, and it will cause some data loss. When failover runs, Site Recovery shuts down the Azure VMs, and boots up the on-premises VM. There will be some downtime, so choose an appropriate time.

Right-click the machine, and click Commit. This triggers a job that removes the Azure VMs.

Verify that Azure VMs have been shut down as expected.

Objective4: Re-protect on-premises machines to Azure

Note: Data should now be back on your on-premises site, but it isn’t replicating to Azure. You can start replicating to Azure again as follows:

In the vault > Settings > Replicated Items, select the VMs that have failed back, and click Re-Protect.

Select the process server that is used to send the replicated data to Azure, and click OK.

Click the Advanced tab, select Wake From Shutdown and, on the right-hand side, set the value to On.

Click Wake Up Capabilities and, on the right-hand side, set the value to Magic Packet.

Click the Power Management tab, then check Allow the computer to turn off this device to save, Allow this device to bring the computer out of standby, and Only allow management stations to bring the computer out of standby.

Log on to the SCCM server, open the ConfigMgr Console, expand Site Management, right-click the main site and click Properties.

Click the Wake on LAN tab, check Enable Wake on LAN, check Use power on commands if the computer supports this technology, and check Unicast. You can select Subnet-directed broadcast instead if your switch supports subnet-directed broadcast.

Click the Port tab and select Wake on LAN.

To use Wake on LAN functionality, always check Enable Wake on LAN in the schedule of deployment of any software.

There are lots of third-party tools you can use to deploy Wake on LAN, such as the ManageEngine, SolarWinds and Specopssoft Wake on LAN tools. The painful part of this process is that on some computers you have to go into the BIOS settings and turn on Wake on LAN under power management. If you have a Dell PC, you can use the Dell Client Configuration Utilities.

System Centre Configuration Manager 2007 R2 is built with Microsoft Operation Framework and IT Information Library. The most common uses of System Centre Configuration Manager (SCCM) are software and operating system deployment, but you can do more than these two common uses. SCCM is also used for configuration management, change management, operation management, asset, update, patch and driver management, software metering and lots more. Here, I am going to talk about basic installation and configuration of SCCM, as most of the configuration and requirements will differ between organisations.

Installation

To install SCCM in native mode, you need certificates to be installed on the SCCM server.

You have just finished installing SCCM. Now you have to install WSUS. A complete guide is available at the WSUS Installation link.

SCCM Configuration

In this part, you have to determine what you want to configure and achieve through this deployment. Here, I am going to cover a pretty basic configuration and where to go in the SCCM R2 console to do admin tasks. However, I reckon that after going through this configuration you will be able to work your way around and understand the SCCM configuration you need.

Installation and Site Role Configuration

Expand the Site Management node by selecting Site Management>Site Settings>Site Systems>New Roles

There are several roles available here. You have to choose roles depending on your deployment structure and plan.

This part is basically integrating WSUS with SCCM. WSUS and SCCM can run on a single server or on separate servers. You have to make sure of the HTTP port, because SCCM’s default HTTP port is port 80 and WSUS can be deployed using port 8530.

Operating System Deployment

Distributing the Boot Image Package

From within the Configuration Manager console, expand Site Database>Computer Management>Operating System Deployment> select Boot Images.

You will notice two boot images for various platforms, one for x64 bit (Boot Image [x64]) and the other for x86 devices. For the purpose of this book, we will concentrate on the x86 boot images, but there is basically no difference in configuring one or the other. The images are configured during the installation of Configuration Manager 2007. However, there are no distribution points assigned for either of the boot images.

On the Boot Image page, specify the boot image and distribution point you want to use. Click Browse, and select the boot image. Click Next to continue.

Click Next on the Summary page, and Configuration Manager 2007 will begin creating the capture media ISO file.

Finally, you will be presented with the Wizard Completed page, where you can click Close.

You can now burn that ISO file to a DVD and use that DVD to boot up the computers in which you will be building your operating system image.

Creating an Image of a Reference Computer

To begin creating an image of the reference computer, insert the DVD that was created from the OSDCapture.ISO file you created earlier. Run TSMBAutorun.exe located in the SMS\Bin\i386 folder on the DVD. This opens the Image Capture Wizard.

Clicking Next opens the Image Destination page, allowing you to specify where to copy the image when the capture is completed. Fill in the correct information and click Next. As you can see, we copied the WIM file to our site server.

You will now be able to add some information about the image on the Image Information page. This page allows you to fill in the Created By, Windows Version, and Description fields for the WIM file.

On the Summary page, click Finish to begin the capture phase. An Installation Progress window appears, telling you that the capture wizard is working and running in the background. When the capture is complete, a System Restart message will appear, and the system will reboot. When the system reboots, it will boot into WinPE and begin the capture phase of the system.

You have to wait a while as the operating system is being captured.

Once the image capture is complete, you will be prompted with the Image Capture Wizard success message. Clicking OK will allow the machine to reboot and return to the operating system.

Packaging and Advertising the Image

Now you need to configure the image as a new package. It’s ready to deploy to another system:

Open the Configuration Manager console, and expand Site Database>Computer Management>Operating System Deployment.

The WIM file that you just created needs to be created as an available operating system for Configuration Manager 2007. To add this WIM file, click Operating System Images under the Operating System Deployment node, and click Add Operating System Image from the Action pane.

This opens the Add Operating System Image Wizard’s Data Source page. Ensure that the Path field points to the location where the WIM file was created, and click Next.

The General page allows you to customize the Name, Windows Version and personalized Comments fields for the image file. Fill in the appropriate information, and click Next.

The Summary page will be displayed, so click Next, and then finally the Wizard Completed screen will appear. On this page, click Close.

You will see the same node structure under this package as you would for a normal package.

Right-click the Distributions Point node, and select New Distribution Point. The same New Distribution Point Wizard will display, allowing you to select the distribution point you want to use to distribute the image file.

To verify that the package has been successfully installed on the distribution point, while in the Operating System Images node, expand the Windows OS folder, expand the Package Status node, and click the Package Status folder.

Within this folder, you will see the status of the package. When the package has been successfully installed on the distribution point, the Installed column will change from 0 to 1.

Creating PXE Service Points

From within the Configuration Manager console, browse to Site Database, then expand Site Management>Site Code>Site Settings>Site Systems.

This presents a list of all the site systems configured within your environment. Expand the Site Systems node, and select the server to which you want to add the role of PXE site service point. Right-click the server, and select New Roles.

On the New Site Role Wizard General page, click Next.

You will be presented with the System Role Selection page. Select PXE Service Point and click Next.

You will see the PXE Service Point Configuration dialog box. This dialog box informs you that Configuration Manager 2007 must have some UDP ports opened on the server. Click Yes to continue enabling a PXE service point.

The New Site Role Wizard continues and presents the PXE>General page. This will allow you to configure how Configuration Manager allows incoming PXE requests. Click Next when you’re done.

Next the PXE Database page appears, allowing you to configure the account to use to connect with the database.

After you have configured the settings on this page, click Next.

On the Summary page, click Next to apply the settings, and configure the PXE service point.

Now you have to create a task sequence for deployment, advertise the task sequence and set up a Computer Association. This is just the starting point of SCCM. There are heaps of tasks that need to be completed before you can enjoy the full functionality of SCCM. I would recommend further study on MOF and SCCM.